A security researcher has uncovered a flaw in Amazon’s website that could enable hackers to gain access to Amazon accounts.
The flaw was identified by Benjamin Daniel Mussler in a post on the B.FL7.DE blog.
Mussler says that Amazon’s Kindle Library is vulnerable to malicious computer script hidden in Kindle books.
Malicious script sneaked into eBooks can change the way the Kindle library page displays, like so:
“From the supplier’s point of view, vulnerabilities like this present an opportunity to gain access to active Amazon accounts,” Mussler writes.
According to Mussler, Amazon was informed of the security flaw in November 2013, but the loophole has yet to be fixed. When the security researcher informed the open source eBook program Calibre about the same problem, it was fixed within hours.
The good news is that Kindle books purchased through the Amazon store are unlikely to contain the hack, according to Mussler. Instead it’s more likely to spread using pirated eBooks that are sent to a user’s Kindle library — so there’s another reason not to download ebooks from dodgy websites.
The news comes a day after Business Insider pointed out a loophole in the site’s audio book retailer, Audible, that allowed anyone to download an unlimited amount of audio books for free.
Disclosure: Jeff Bezos is an investor in Business Insider through his personal investment company Bezos Expeditions.